CMMC and Scoping Level 1 Self-Assessments

lock and USB drive on keyboard

One of the more significant changes in the new CMMC 2.0 guidelines was the move from third-party to self-assessment at Level 1 maturity. At Level 1, contractors can perform a self-assessment rather than engage with a C3PAO, significantly reshaping their obligations and the associated costs and effort for compliance. 

Here, we’re covering the CIO’s guidance for organizations performing self-assessments, specifically how to scope their self-assessments for Level 1 maturity. 


Read More

When Should You Work with a CMMC RPO vs. a C3PAO?

Glowing log surrounded by digital artifacts

CMMC is a complex undertaking. Depending on where you are in your certification journey, you could require consulting, assessment, or both. Fortunately, the CMMC program includes training and authorization for two distinct types of organizations: Registered Provider Organizations (RPOs) and Certified Third-Party Assessment Organizations (C3PAOs), each offering different services. 

We’re discussing these organizations and which one you might want to engage with when preparing for CMMC certification. 


Read More